IAM
Space shortcuts

Log in to ASTRA
Manage UW Groups
Manage UW NetID Resources
Manage UW CA Certs
Manage InCommon CA Certs
Register/Update Shibboleth SP

IAM in Service Catalog

Access Management
Authentication
Directory Services
UW NetID
UW Directory
Microsoft Infrastructure

Page Tree

Child pages
  • UW groups for access to Legacy HR reports
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Next »

DRAFT

ANALYSIS
Customers

Alin Hunter, Snezana Popovic, UW-IT – The customers of the groups described in this design template represent the owners of Legacy HR/P Archive reports. also possibly for email notices about the reports.

Application Use

BI Portal – The groups will be used for controlling access to the Legacy HR/P Archive reports hosted in the BI Portal (https://biportal.uw.edu).
TBD. Email – The groups will be used for emailing notices about the Legacy HR/P Archive reports using UW Mailman or Marketo.

Membership (Business Definition)

The business definition of the group memberships is individuals with the assignable security roles in Workday.

For example, someone with the "Academic_Partner" role will be a member of the related group.

See https://isc.uw.edu/admin-corner/security-roles/assignable-roles/

See https://isc.uw.edu/support-resources/how-to-get-workday-help/named-support-contacts/

Business ProcessWorkday security role management
System of RecordWorkday
Subject AreaMaster Data
Business DomainMaster Data – Services & Resources – HR/P – Access permissions and restrictions
DESIGN
TypeGroup (security role)
Home Groupuw_isc
Group IDs
Workday Security Role IDGroup ID
Academic_Partneracademic-partner
Costing_Allocations_Coordinatorcosting-allocations-coordinator
HCM_Initiate_2hcm_initiate_2
HR_Partnerhr-partner
VO_STAFF_COMP_COSTvo-staff-comp-cost
Academic_Personnel_Office_Partneracademic-personnel-office-partner
HR_Office_Partnerhr-office-partner
CBU_Benefits_Office_Partnercbu-benefits-office-partner
Absence_Office_Partnerabsence_office_partner
Labor_Relations_Union_Office_Partnerlabor-relations-union-office-partner
ISC_Retiree_Office_Partnerisc-retiree-office-partner
TBDTBD
TBDTBD
ISC_Payroll_Office_Partnerisc-payroll-office-partner
ISC_Compensation_Office_Partnerisc-compensation-office-partner
VO_Medical_Centers_Payroll_Partnervo-medical-centers-payroll-partner
VO_Medical_Centers_Absence_for_Leave_Specialistvo-medical-centers-absence-for-leave-specialist
Display Name

TBD. Need to check if Workday has a user-friendly display name for each Workday security role.

Lifecycle Policy (Creation)

Groups will be created only for approved uses related to Legacy HR/P Archive reports.

Lifecycle Policy (Deletion)

Groups will be deleted when custodians request and plan for their deletion.

Membership (Direct)

Direct membership of each group would include the UW NetIDs of individuals assigned to the specific Workday security role.

Membership (Exceptions)

No exceptions for additions or deletions. All updates will be mastered in Workday.

Membership (Grace Period)

None

Membership (Opt-in)N/A
Membership (Opt-out)N/A
Contact Person

TBD. A contact appropriate for Workday security role support, e.g. "ischelp".

Description

TBD. Define descriptions that help potential customers understand fit for purpose and use, including lifecycle policy, membership policy, data quality standards, appropriate use guidelines, access control policy, ownership, and contact information. Some business processes master data that can be used for descriptions.

More InformationN/A 
Application Settings (Exchange)

Inactive; change to settings will require custodian approval.

Application Settings (Google)

Inactive; change to settings will require custodian approval.

ACCESS CONTROL
Data Custodian

Nancy Jagger, Rachel Gatlin, Margaret Stuart, Cindy Gregovich

Classification

TBD. Determine the appropriate UW data classification (Public, Restricted, Confidential).

Access Control PolicyTBD. Decide and document the access control policy including membership viewer control, sender control, appropriate use guidelines, terms and conditions of use, etc.
Membership Viewer ControlTBD. Define the membership viewer control, including exceptions to the access control policy.
Sender ControlN/A
IMPLEMENTATION
Data Source

HRPWS

Membership (Technical)

TBD. Define the technical definition of the memberships in terms used by the data source and its data elements, as well as any additional filtering.

ProvisioningTBD. Define a provisioning model for data integration and reconciliation that ensures the groups are created in accordance with their lifecycle policy and managed in accordance with their data quality standards.
De-ProvisioningTBD. Define a de-provisioning model that ensures the groups are deleted in accordance with their lifecycle policy.
MonitoringTBD. Define a monitoring solution that helps identify incidents and problems, particularly those that impact availability and reliability.
Data Quality Standards

TBD. Define data quality standards under normal operations, including data validation rules, timeliness of updates, defined error rates, integrity monitoring, and reliability. The standards will depend on the business process, system of record, data source, provisioning and de-provisioning models, monitoring, and operations.

Internal DocumentationTBD. Define what internal documentation will be developed and where it will be maintained.
Customer DocumentationTBD. 
Communication PlanTBD. Alin and Snezana will coordinate communications with BI Portal report users and other stakeholders.
OPERATIONS
Request FulfillmentTBD. Define how requests will be fulfilled. For example, standard requests for information, access to memberships, membership exceptions, email settings, design changes, etc.
Incident ManagementTBD. Define how incidents will be handled.
  • No labels

Have a question? Contact us at iam-support@uw.edu.